Curricula - Knowledge - Navigation

Towards a conceptualisation of cloud cybercrime

Discussing the issue of cloud cybercrime

The term ‘Cloud’ is actually a distracting misnomer that obfuscates attempts to systematically understand the impact of the cloud technologies, which have driven services that provide ‘on-demand’ computing resources with increasing effect since the mid-2000s. Moreover, ‘Cloud’ lacks the conceptual clarification needed to understand the implications of cloud technologies upon criminal behavior, crime analysis and also law enforcement. Many commentators refer to ‘the Cloud’ as a ‘thing’, an object, whereas others see it as simply a technological method of increasing computer storage and power – others deny its existence at all. ‘Cloud technologies’ – the preferred descriptor over ‘Cloud’– have impacted upon computing by increasing power and storage and delivering large scale computing much cheaper and on-demand. All are qualities that have not been lost on offenders, much to the frustration of law enforcement officers.

Cybercrime (with or without cloud technologies) takes place in a cyberspace; an ‘imaginary’ space created by the social reaction to the combination of Digital and Network technologies across distributed networks of communication. These technologies have created offending behaviours that are global, informational, and distributed, though while this space may be essentially imaginary, the consequences of criminal actions in cyberspace have very real consequences in the physical world. Moreover, internet technologies have given offenders considerable agility and scalability, effectively democratizing crimes such as fraud and hacking that were crimes of the powerful and the knowledgeable, respectively. The average person could, in theory, now commit many crimes simultaneously in ways not previously imagined possible, and on a global scale. There is, therefore, no longer any need for criminals to commit a large crime at great risk to themselves, because one person can now commit many small crimes with lesser risk to themselves. The (cyber) difference is that financial criminals no longer needed to commit a high risk $50 million robbery when they could commit 50 million low risk $1 robberies using a networked computer.

So, the ‘cyber’ aspect of cybercrime needs to be understood as a process of transformation rather than a thing (The Transformation Test). If the cybercrime disappears when digital and networked technologies are removed, then it is not a ‘true’ cybercrime, but in reality there are many variations. We therefore need to consider both the ‘cyber’, the level of technological mediation, and also the ‘crime’ aspect (modus operandi).

In terms of technological mediation ‘cyber-dependent’ crimes, such as DDoS attacks, spamming, piracy etc. would not disappear if the internet was removed. On the other hand, ‘Cyber-assisted’ crimes (e.g. a murderer web searching ‘how to kill someone’) would still take place. In between the two are hybrid ‘cyber-enabled’ crimes which include most types of frauds and deception. They existing crimes that are given a global, informational and distributed lift that is characteristic of ‘cyber’. Remove it and they still happen, but locally and small scale.

At the ‘crime’ end of cybercrime are various modus operandi (objectives and intents); rarely commented upon in the literature. We therefore need to distinguish ‘cybercrimes committed against the machine’, such as hacking and DDOS attacks etc., from ‘cybercrimes that use the machine’, such as frauds etc. Both of these also differ from ‘cybercrimes in the machine’ (content crime) such as extreme pornography, hate speech and imagery and social networking offences etc.

As indicated earlier, Cloud technologies have a quantitative ‘force multiplier effect’ upon cybercrime enabling a large volume of more complex crimes to take place – so, the 50 million $1 robberies would become 50 billion robberies of 0.1 cent. But they also have had a qualitative effect by introducing new types of cybercrime such as data breaches, DDoS attacks, Mass Spams, cryptojacking. plus, a range of cybercrime-as-a-service facilities that enable offending.

To understand or explain the impact of cloud technologies a cloud mediation aspect could be added to the above cybercrime model. Using the ‘transformation’ test what would be left of the cybercrime if cloud technology were to be removed. Cloud dependent cybercrimes such as big data-theft (data breaches) or cryptojacking would disappear without cloud technologies. Cloud assisted, assisted by cloud technologies, for example, where the public will increasingly source illegal items from the darkweb, would still take place by other means. In between the two, cloud enabled cybercrimes such as mass scam spams would (in estimation) reduce in scale from 10 billion every 10 seconds to 10 million every 10 minutes if the cloud technologies were removed.

In summary, whilst digital and networked technologies transformed criminal behaviour to create a range of cybercrimes, cloud technologies have since provided a further force multiplier effect that has also created new opportunities for offending to further expands the reach of offenders whilst also generating new challenges for law enforcement. The CRITiCal project will explore three cloud enabled or dependent forms of cybercrime: big data theft, mass DDoS attacks, and bulk spamming, each of which, play key roles in constructing the cybercrime ecosystem and also delivering Ransomware (EMPHASIS Project).

Excerpted from Wall, D.S. (2017) ‘Towards a conceptualization of cloud (cyber)crime’, 5th International Conference on Human Aspects of Information Security, Privacy and Trust, Vancouver 9-14 July 2017. – Funded by EPSRC EP/M020576/1 & EP/P011772/1